On Sat Feb 10 15:31:47 2024 Mark Foley <mfoley at novatec-inc.com> wrote:

> On Sat, Feb 10, 2024 at 2:20 PM Mark Foley via samba
> <samba at lists.samba.org> wrote:
> > Does chrony have to be built in some special way to enable ntp-signd?
>
> Needs to be configured with "--enable-ntp-signd".

I may have to build from sources. I downloaded from the SlackBuilds repo and have no idea how it was built. Is there an option to chronyd to list build options? I didn't see one in the manpage.

> Also for comparison:
> # ls -al /var/lib/samba/ntp_signd/
> total 8
> drwxr-x--- 2 root _chrony 4096 Jan 14 11:14 .
> drwxr-xr-x 9 root root 4096 Jan 14 11:14 ..
> srwxrwxrwx 1 root root 0 Jan 14 11:14 socket

Got that:

# ls -la /var/lib/samba/ntp_signd
total 8
drwxr-x--- 2 root chrony 4096 2024-02-10 04:02 ./
drwxr-xr-x 7 root root 4096 2024-02-10 04:02 ../
srwxrwxrwx 1 root root 0 2024-02-10 04:02 socket

Everything everyone has asked me about looks to be correctly configured. I think I need to build chrony from sources as my next step. I can't see what else could be wrong.

--Mark

On Sat, Feb 10, 2024 at 5:06 PM Mark Foley via samba <samba at lists.samba.org> wrote:

> > Needs to be configured with "--enable-ntp-signd".
>
> I may have to build from sources. I downloaded from the SlackBuilds repo and
> have no idea how it was built. Is there an option to chronyd to list build
> options? I didn't see one in the manpage.

According to https://slackbuilds.org/slackbuilds/15.0/network/chrony/chrony.SlackBuild that configure directive is not used:

=======================
./configure \
  --prefix=/usr \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --mandir=/usr/man \
  --docdir=/usr/doc/$PRGNAM-$VERSION \
  --with-user=${NTP_USER}
=======================

So the SlackBuild as presented is not suitable for your purpose.

Chris

> > Also for comparison:
> > # ls -al /var/lib/samba/ntp_signd/
> > total 8
> > drwxr-x--- 2 root _chrony 4096 Jan 14 11:14 .
> > drwxr-xr-x 9 root root 4096 Jan 14 11:14 ..
> > srwxrwxrwx 1 root root 0 Jan 14 11:14 socket
>
> Got that:
>
> # ls -la /var/lib/samba/ntp_signd
> total 8
> drwxr-x--- 2 root chrony 4096 2024-02-10 04:02 ./
> drwxr-xr-x 7 root root 4096 2024-02-10 04:02 ../
> srwxrwxrwx 1 root root 0 2024-02-10 04:02 socket
>
> Everything everyone has asked me about looks to be correctly configured. I
> think I need to build chrony from sources as my next step. I can't see what else
> could be wrong.
>
> --Mark
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

On Sat Feb 10 17:05:46 2024 Mark Foley via samba <samba at lists.samba.org> wrote:

> On Sat Feb 10 15:31:47 2024 Sonic <sonicsmith at gmail.com> wrote:
> > On Sat, Feb 10, 2024 at 2:20 PM Mark Foley via samba <samba at lists.samba.org> wrote:
> > Does chrony have to be built in some special way to enable ntp-signd?
>
> Needs to be configured with "--enable-ntp-signd".
>
> > I may have to build from sources. I downloaded from the SlackBuilds repo and
> > have no idea how it was built. Is there an option to chronyd to list build
> > options? I didn't see one in the manpage.

YAAAAAAAY! Finally! I have my Windows domain members syncing with the DC!!!

Thanks to all who helped on this issue. Thanks in particular to luis whose advice to 'tcpdump -v -i eth0 port 123' gave me the clue I needed to carry on, which showed that my time server program(s) were not replying to the Windows signd queries.

The need for signd was not new to me. I built ntpd from source 10 years ago with --enable-ntp-signd and that worked fine. I thought I had done this on the new DC as well, several times in fact, but either the 'make install' messed up or I messed something up (probably the latter) and it just wouldn't work.

On the advice of many I installed chrony from the SlackBuilds repo, but that build was not enabled for ntp-signd. Finally I downloaded the chrony 4.5 source tarball from https://chrony-project.org/download.html and built it with:

./configure --prefix=/sbin --with-user=chrony --mandir=/usr/man --enable-ntp-signd

Thanks to Chris "Sonic" who gave me the --enable-ntp-signd option. That wasn't mentioned in the INSTALL file (although was in the list in the configure script comments).

That worked! My Windows computers now have:

w32tm /query /source
mail.hprs.local

Again, thanks to all for your help and patience.

--Mark
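
Added example, not part of the thread or of any poster's message: a shell check for the two conditions the thread turned on, namely whether a chronyd binary was compiled with ntp-signd support and whether the Samba ntp_signd directory is accessible to the chrony group. It assumes the parenthesised feature list that `chronyd -v` prints (`+SIGND` or `-SIGND`), GNU `stat`, and the directory path and group name shown in the listings above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (assumptions: `chronyd -v` prints a feature list such as
# "(+CMDMON ... +SIGND ...)"; GNU stat; path and group taken from the thread).

# signd_state VERSION_LINE -> prints enabled | disabled | unknown
signd_state() {
    case "$1" in
        *"("*")"*) ;;                  # a parenthesised list is present
        *) echo unknown; return ;;
    esac
    feats=${1##*\(}                    # text after the last "("
    feats=${feats%%\)*}                # up to the closing ")"
    for f in $feats; do
        case "$f" in
            +SIGND) echo enabled; return ;;
            -SIGND) echo disabled; return ;;
        esac
    done
    echo unknown
}

# dir_ok MODE GROUP WANT -> 0 if the directory belongs to group WANT and the
# group has read and search permission (e.g. 750 as in the thread's listing).
dir_ok() {
    [ "$2" = "$3" ] || return 1
    g=$(( (0$1 >> 3) & 7 ))            # group permission digit of the octal mode
    [ $(( g & 5 )) -eq 5 ]
}

# check_dir DIR WANT -> same check against a real directory (GNU stat).
check_dir() {
    dir_ok "$(stat -c %a "$1")" "$(stat -c %G "$1")" "$2"
}

# Report on this host only when chronyd is installed.
if command -v chronyd >/dev/null 2>&1; then
    echo "ntp-signd support: $(signd_state "$(chronyd -v 2>/dev/null)")"
    if check_dir /var/lib/samba/ntp_signd chrony 2>/dev/null; then
        echo "ntp_signd directory: ok"
    else
        echo "ntp_signd directory: missing or not accessible to group chrony"
    fi
fi
```

A result of `disabled` corresponds to the SlackBuild case in the thread, where the daemon runs and serves time but does not reply to the signed requests from Windows domain members.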